Meta

What Defines a "Botnet"?

There have been various reports over the weekend of a new development of the “Ikee” iPhone worm that now collects banking details. It is being reported as a “botnet“, which seems to be a popular term with journalists (possibly because it appeals to “Rise of the Machines” type scare-mongering 🙂 ).

I’ve been quite sceptical about such reports since this July when the “Sexy View” malware on the Symbian Platform was reported as the “first mobile botnet“. Now in my view that wasn’t even a proper worm (it had to be manually installed by the user on every phone it spread to) and definitely not a botnet (there was no remote control of the malware after it was installed), so is there any more truth in these latest reports?

According to F-Secure’s initial analysis, the latest iPhone malware connects to an IP address in Lithuania, and downloads something from it, but it’s not clear from that what the thing it downloads is, or what it does with it. Although they call the IP address a “command & control center”, I remain sceptical, and would like to see some more details before conceding that this actually is the “first mobile botnet”…

Share this:

Like this:

LikeLoading...

Related

This entry was posted on 23 November 2009 at 6:29 pm and is filed under Malware.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.

One Response to “What Defines a "Botnet"?”

Craig Hsaid

An update on this: having read the Sophos blog, they say it “regularly checks back for commands to download and run later”. I’m still not 100% convinced, but that does make it look more like a “proper” botnet.